add option to use all available cmdstagers one after another

[emanuelb]

a exploit that have multiple options in CmdStagerFlavor, will use by default the first one and if it's failed but the exploit will work with other available Flavor, the user will need to set other stager manually, for example set CMDSTAGER::FLAVOR curl and run the exploit again (which will send again the requests not in 'execute_command' method)

it will be handy if a option to use all available stagers one after another (in case the exploit failed after using stager, repeat with the next one if it's possible to detect if PAYLOAD succeeded )

for example, see setup of vulnerable script & metasploit module at:
#8667
just change the line:
'CmdStagerFlavor' => [ 'printf' ],
to:
'CmdStagerFlavor' => ['wget', 'curl', 'printf', 'bourne', 'echo'],
and
'CMDSTAGER::FLAVOR' => 'printf'
to:
'CMDSTAGER::FLAVOR' => 'wget'

using wget stager will result in failed exploitation as wget don't exists in the docker image, but curl & printf stagers will work.

[sempervictus]

Good idea, so long as prior attempts did bork our session, this should work fine. Cmdstagers verbosely reporting their cmd not being where expected vs failure to stage helps this concept, I think.

[wvu]

CmdStager should also be BadChars-aware.